Title

The Unified Communications Endpoint must be configured to integrate into the implemented 802.1x network access control system. (Cat II impact)

Discussion

IEEE 802.1x is a protocol used to control access to LAN services via a network access switchport or wireless access point that requires a device or user to authenticate to the network element and become authorized by the authentication server before accessing the network. This standard is used to activate the network access switchport limiting traffic to a specific VLAN or install traffic filters. Implementing 802.1x port security on each access switchport denies all other MAC users, which eliminates the security risk of additional users attaching to a switch to bypass authentication. The hardware Unified Communications Endpoint must be an 802.1x supplicant and integrate into the 802.1x access control system. When 802.1x is used, all devices connecting to the LAN are required to use 802.1x. MAC Authentication Bypass is permitted by the Unified Communications Requirements Guide when the endpoint does not support 802.1x or required by mission continuity of operation requirements.

Check Content

Verify the Unified Communications Endpoint is configured to integrate into the implemented 802.1x network access control system. If the Unified Communications Endpoint does not integrate into the implemented 802.1x network access control system, this is a finding.

Fix Text

Configure the Unified Communications Endpoint to integrate into the implemented 802.1x network access control system.

Additional Identifiers

Rule ID: SRG-NET-000018-VVEP-00102_rule

Vulnerability ID: SRG-NET-000018-VVEP-00102

Group Title: SRG-NET-000018-VVEP-00102

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.